Merge pull request #845 from Thulium-Drake/fix_init

Ensure that the target folder is present before copying files into it

.github/workflows/auto-close-issues.yml

@@ -0,0 +1,19 @@
+name: Close stale issues after 5 days
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - uses: actions/stale@v10
+        with:
+          days-before-issue-stale: 4
+          days-before-issue-close: 1
+          stale-issue-label: "stale"
+          close-issue-message: "This issue has been automatically closed due to inactivity for 5 days."
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          exempt-issue-labels: "keep-open,triage,bug"

.github/workflows/build-image-debian.yaml

@@ -3,36 +3,47 @@ name: Build Debian Container Image
 on:
   pull_request:
     paths:
+      - ".github/**"
       - "debian/**"
   push:
     paths:
+      - ".github/**"
       - "debian/**"
-    branches:
-      - master
+
+env:
+  REGISTRY_IMAGE: invoiceninja/invoiceninja-debian
 
 jobs:
-  docker:
-    runs-on: ubuntu-latest
+  build:
+    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          platforms: all
+          images: ${{ env.REGISTRY_IMAGE }}
 
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Build
-        id: docker_build
-        uses: docker/build-push-action@v5
+        id: build
+        uses: docker/build-push-action@v6
         with:
-          context: debian  
-          file: debian/Dockerfile  
-          load: true
-          tags: invoiceninja/invoiceninja-debian:test
+          context: debian
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          outputs: type=image,push-by-digest=true,name-canonical=true
           cache-from: type=gha
           cache-to: type=gha,mode=max

.github/workflows/publish-image-debian.yaml

@@ -0,0 +1,166 @@
+name: Publish Debian Container Images
+
+on:
+  push:
+    tags-ignore:
+      - "invoiceninja-*"
+
+env:
+  REGISTRY_IMAGE: invoiceninja/invoiceninja-debian
+
+jobs:
+  version:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      major: ${{ steps.version.outputs.major }}
+      minor: ${{ steps.version.outputs.minor }}
+      url: ${{ steps.version.outputs.url }}
+    steps:
+      - id: version
+        run: |
+
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+            # Remove -o or -d suffix if present
+            VERSION=${VERSION%-*}
+          fi
+          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
+          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
+          URL=https://github.com/invoiceninja/invoiceninja/releases/download/v${VERSION}/invoiceninja.tar.gz
+
+          # Debug output
+          echo "Current version: ${VERSION}"
+          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
+
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
+          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
+          echo "url=${URL}" >> $GITHUB_OUTPUT
+
+  build:
+    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
+    needs:
+      - version
+    strategy:
+      fail-fast: false
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Prepare
+        id: prep
+        run: |
+          platform=${{ matrix.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: debian
+          build-args: URL=${{ needs.version.outputs.url }}
+          platforms: ${{ matrix.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ env.REGISTRY_IMAGE }}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - version
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            ${{ needs.version.outputs.version }}
+            ${{ needs.version.outputs.major }}
+            ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}
+            latest
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
+
+      - name: Inspect image
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
+
+  Description:
+    if: ${{ github.event_name != 'pull_request' }}
+    runs-on: ubuntu-latest
+    needs:
+      - merge
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          sparse-checkout: "README.md"
+
+      - name: Docker Hub Description
+        uses: peter-evans/dockerhub-description@v4
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+          repository: ${{ env.REGISTRY_IMAGE }}

.github/workflows/publish-image.yaml

@@ -1,75 +0,0 @@
-name: Publish Debian Container Images
-
-on:
-  push:
-    tags-ignore:
-      - "invoiceninja-*"
-
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          - image: invoiceninja/invoiceninja-debian
-            context: ./debian
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4  # Updated from v2
-        with:
-          fetch-depth: 0
-
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${{ matrix.image }}
-          VERSION=edge
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-          fi
-          TAGS="${DOCKER_IMAGE}:${VERSION}"
-          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
-          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
-          TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:${MAJOR}.${MINOR}"
-          
-          # Debug output
-          echo "Current version: ${VERSION}"
-          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
-          
-          TAGS="$TAGS,${DOCKER_IMAGE}:latest"
-
-          echo "tags=${TAGS}" >> $GITHUB_OUTPUT  # Updated output syntax
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
-          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3  # Updated from v1
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3  # Updated from v1
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3  # Updated from v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v5  # Updated from v2
-        with:
-          context: ${{ matrix.context }}
-          build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.prep.outputs.tags }}
-          cache-from: type=gha  # Updated cache type
-          cache-to: type=gha,mode=max
-
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

README.md

@@ -1,11 +1,11 @@
 [![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-debian?label=debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
 [![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml)
-[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
+[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-debian.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-debian.yaml)
+[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-debian.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-debian.yaml)
 
 # Debian Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
-:crown: **Features**
+👑 **Features**
 
 NGINX webserver support [NGINX](https://nginx.org/)  
 Built-in Chrome for PDF generation and other features  
@@ -54,7 +54,7 @@ The `APP_KEY` can be generated by running:
 docker run --rm -it invoiceninja/invoiceninja-debian php artisan key:generate --show
 
 # Or if your containers are already running:
-docker-compose exec app php artisan key:generate --show
+docker compose exec app php artisan key:generate --show
 ```
 
 Copy the entire string and insert in the .env file at `APP_KEY=base64....`
@@ -64,7 +64,7 @@ Copy the entire string and insert in the .env file at `APP_KEY=base64....`
 Start the container with:
 
 ```bash
-docker-compose up -d
+docker compose up -d
 ```
 
 **Note: When performing the setup, the Database host is ```mysql```
@@ -74,9 +74,8 @@ docker-compose up -d
 To upgrade to a newer release image, update your docker-compose.yml first by running:
 
 ```bash
-docker-compose down
-docker-compose pull
-docker-compose up
+docker compose pull
+docker compose up -d
 ```
 
 It is recommended to perform a backup before updating.
@@ -92,4 +91,4 @@ This is a new image which should provide much better support for all users, howe
 
 - [ ] Backup script  
 - [ ] Integrate soketi server  
-- [ ] Add elastic search for site wide search  
+- [ ] Add elastic search for site wide search  

debian/.env

@@ -57,6 +57,6 @@ NORDIGEN_SECRET_KEY=
 
 IS_DOCKER=true
 SCOUT_DRIVER=null
-SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+#SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
 
 

debian/Dockerfile

@@ -1,11 +1,30 @@
-FROM php:8.3-fpm AS base
+ARG PHP=8.4
 
-ARG php_require="bcmath gd pdo_mysql zip"
-ARG php_suggest="exif imagick intl pcntl soap saxon-12.5.0"
+FROM php:${PHP}-fpm AS prepare-app
+
+ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
+
+ADD ${URL} /tmp/invoiceninja.tar.gz
+
+RUN tar -xzf /tmp/invoiceninja.tar.gz -C /var/www/html \
+    && ln -s /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
+    && php artisan storage:link \
+    # Workaround for application updates
+    && mv /var/www/html/public /tmp/public
+
+# ==================
+# InvoiceNinja image
+# ==================
+FROM php:${PHP}-fpm
+
+# PHP modules
+ARG php_require="bcmath gd mbstring pdo_mysql zip"
+ARG php_suggest="exif imagick intl pcntl saxon soap"
 ARG php_extra="opcache"
 
 # Install system dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
+    libfcgi-bin \
     mariadb-client \
     gpg \
     supervisor \
@@ -16,15 +35,15 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     xfonts-wqy \
     # Install google-chrome-stable(amd64)/chromium(arm64)
     && if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
-        mkdir -p /etc/apt/keyrings \
-        && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | \
-            gpg --dearmor -o /etc/apt/keyrings/google.gpg \
-        && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
-        && apt-get update \
-        && apt-get install -y --no-install-recommends google-chrome-stable; \
+    mkdir -p /etc/apt/keyrings \
+    && curl -fsSL https://dl.google.com/linux/linux_signing_key.pub | \
+    gpg --dearmor -o /etc/apt/keyrings/google.gpg \
+    && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends google-chrome-stable; \
     elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
-        apt-get install -y --no-install-recommends \
-        chromium; \        
+    apt-get install -y --no-install-recommends \
+    chromium; \
     fi \
     # Create config directory for chromium/google-chrome-stable
     && mkdir /var/www/.config \
@@ -36,52 +55,36 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 # Install PHP extensions
-RUN ( curl -sSLf https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o - || echo 'return 1' ) | sh -s \
-        ${php_require} \
-        ${php_suggest} \
-        ${php_extra} \
-        @composer
+COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+
+RUN install-php-extensions \
+    ${php_require} \
+    ${php_suggest} \
+    ${php_extra}
 
 # Configure PHP
-RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+RUN ln -s "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-# Copy scripts
-COPY rootfs /
+COPY php/php.ini /usr/local/etc/php/conf.d/invoiceninja.ini
 
-USER www-data
+COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/invoiceninja.conf
 
-WORKDIR /var/www/html
-
-# Setup InvoiceNinja
-RUN curl -s "https://api.github.com/repos/invoiceninja/invoiceninja/releases/latest" | \
-        grep -o '"browser_download_url": "[^"]*invoiceninja.tar"' | \
-        cut -d '"' -f 4 | \
-        xargs curl -sL | \
-        tar -oxz -C /var/www/html \
-    && cp /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
-    # File permissions
-    && find /var/www/html/ -type f -exec chmod 644 {} \; \
-    # Directory permissions
-    && find /var/www/html/ -type d -exec chmod 755 {} \; \
-    # Install dependencies
-    && composer install --no-dev --no-scripts --no-autoloader \
-    && composer dump-autoload --optimize \
-    && php artisan optimize \
-    && php artisan storage:link \
-    # Workaround for application updates
-    && mv /var/www/html/public /tmp/public
-
-USER root
+# Workaround: Disable SSL for mariadb-client for compatibility with MySQL
+RUN echo "skip-ssl = true" >> /etc/mysql/mariadb.conf.d/50-client.cnf
 
 # Setup supervisor
 COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
+# Setup InvoiceNinja
+COPY --from=prepare-app --chown=www-data:www-data /var/www/html /var/www/html
+COPY --from=prepare-app --chown=www-data:www-data /tmp/public /tmp/public
+
 # Add initialization script
 COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
 # Health check
-HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
-    CMD php -v || exit 1
+HEALTHCHECK --start-period=100s \
+    CMD REMOTE_ADDR=127.0.0.1 REQUEST_URI=/health REQUEST_METHOD=GET SCRIPT_FILENAME=/var/www/html/public/index.php cgi-fcgi -bind -connect 127.0.0.1:9000 | grep '{"status":"ok","message":"API is healthy"}'
 
 ENTRYPOINT ["/usr/local/bin/init.sh"]
-CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]

debian/docker-compose.yml

@@ -1,9 +1,3 @@
-x-logging: &default-logging
-  options:
-    max-size: "10m"
-    max-file: "3"
-  driver: json-file
-
 services:
   app:
     build:
@@ -13,21 +7,16 @@ services:
     env_file:
       - ./.env
     volumes:
-      - ./.env:/var/www/html/.env
-      - ./php/php.ini:/usr/local/etc/php/conf.d/zzz-php.ini:ro
-      - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/zzz-php-fpm.conf:ro
-      - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
-      - app_cache:/var/www/html/bootstrap/cache
+      # - ./php/php.ini:/usr/local/etc/php/conf.d/invoiceninja.ini:ro
+      # - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/invoiceninja.conf:ro
+      # - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
       - app_public:/var/www/html/public
       - app_storage:/var/www/html/storage
-    networks:
-      - app-network
     depends_on:
       mysql:
         condition: service_healthy
       redis:
         condition: service_healthy
-    logging: *default-logging
 
   nginx:
     image: nginx:alpine
@@ -38,17 +27,13 @@ services:
       - ./nginx:/etc/nginx/conf.d:ro
       - app_public:/var/www/html/public:ro
       - app_storage:/var/www/html/storage:ro
-    networks:
-      - app-network
     depends_on:
-      - app
-    logging: *default-logging
+      app:
+        condition: service_healthy
 
   mysql:
     image: mysql:8
     restart: unless-stopped
-    env_file:
-      - ./.env
     environment:
       MYSQL_DATABASE: ${DB_DATABASE}
       MYSQL_USER: ${DB_USERNAME}
@@ -56,40 +41,31 @@ services:
       MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
     volumes:
       - mysql_data:/var/lib/mysql
-    networks:
-      - app-network
     healthcheck:
-      test: [ "CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    logging: *default-logging
+      test:
+        [
+          "CMD",
+          "mysqladmin",
+          "ping",
+          "-h",
+          "localhost",
+          "-u${MYSQL_USER}",
+          "-p${MYSQL_PASSWORD}",
+        ]
 
   redis:
     image: redis:alpine
     restart: unless-stopped
     volumes:
       - redis_data:/data
-    networks:
-      - app-network
     healthcheck:
-      test: [ "CMD", "redis-cli", "ping" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    logging: *default-logging
-
-networks:
-  app-network:
-    driver: bridge
+      test: ["CMD", "redis-cli", "ping"]
 
 volumes:
-  app_cache:
-    driver: local
   app_public:
     driver: local
   app_storage:
-    driver: local  
+    driver: local
   mysql_data:
     driver: local
   redis_data:

debian/php/php.ini

@@ -1,15 +1,24 @@
 [core]
-# https://www.php.net/manual/en/ini.core.php
-post_max_size = 10M
-upload_max_filesize = 10M
+; https://www.php.net/manual/en/ini.core.php
+post_max_size=10M
+upload_max_filesize=10M
+memory_limit=512M
 
 [opcache]
-# https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
+; https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
 opcache.enable_cli=1
-opcache.max_accelerated_files=4000
-opcache.revalidate_freq=60
 
 [jit]
-# https://wiki.php.net/rfc/jit_config_defaults
+; https://wiki.php.net/rfc/jit_config_defaults
 opcache.jit=tracing
 opcache.jit_buffer_size=64M
+
+[extra]
+; http://symfony.com/doc/current/performance.html
+opcache.memory_consumption=256
+opcache.max_accelerated_files=20000
+opcache.preload=/var/www/html/preload.php
+opcache.preload_user=www-data
+opcache.validate_timestamps=0
+realpath_cache_size = 4096K
+realpath_cache_ttl = 600

debian/rootfs/docker-entrypoint-init.d/10-init-in.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-php artisan db:seed --force
-
-# Build up array of arguments...
-if [ ! -z "${IN_USER_EMAIL}" ]; then
-    email="--email ${IN_USER_EMAIL}"
-fi
-
-if [ ! -z "${IN_PASSWORD}" ]; then
-    password="--password ${IN_PASSWORD}"
-fi
-
-php artisan ninja:create-account $email $password

debian/scripts/init.sh

@@ -1,45 +1,32 @@
-#!/bin/sh
-set -e
+#!/bin/sh -eu
 
-in_log() {
-    local type="$1"
-    shift
-    printf '%s [%s] [Entrypoint]: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$type" "$*"
-}
+# Set PDF generation browser path based on architecture
+if [ "$(dpkg --print-architecture)" = "amd64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+elif [ "$(dpkg --print-architecture)" = "arm64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/chromium
+fi
 
-docker_process_init_files() {
-    echo
-    local f
-    for f; do
-        case "$f" in
-        *.sh)
-            # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
-            # https://github.com/docker-library/postgres/pull/452
-            if [ -x "$f" ]; then
-                in_log INFO "$0: running $f"
-                "$f"
-            else
-                in_log INFO "$0: sourcing $f"
-                . "$f"
-            fi
-            ;;
-        *) in_log INFO "$0: ignoring $f" ;;
-        esac
-        echo
-    done
-}
+if [ "$*" = 'supervisord -c /etc/supervisor/supervisord.conf' ]; then
+
+    # Check for required folders and create if needed
+    [ -d /var/www/html/public] || mkdir -p /var/www/html/public
+    [ -d /var/www/html/storage/app/public ] || mkdir -p /var/www/html/storage/app/public
+    [ -d /var/www/html/storage/framework/sessions ] || mkdir -p /var/www/html/storage/framework/sessions
+    [ -d /var/www/html/storage/framework/views ] || mkdir -p /var/www/html/storage/framework/views
+    [ -d /var/www/html/storage/framework/cache ] || mkdir -p /var/www/html/storage/framework/cache
 
-if [ "$*" = 'supervisord -c /etc/supervisor/conf.d/supervisord.conf' ]; then
     # Workaround for application updates
     if [ "$(ls -A /tmp/public)" ]; then
         echo "Updating public folder..."
         rm -rf /var/www/html/public/.htaccess \
             /var/www/html/public/.well-known \
             /var/www/html/public/*
-        mv /tmp/public/* \
+        cp -r /tmp/public/* \
             /tmp/public/.htaccess \
             /tmp/public/.well-known \
-            /var/www/html/public/
+            /var/www/html/public/ && \
+            rm -rf /tmp/public/*
     fi
     echo "Public Folder is up to date"
 
@@ -56,23 +43,26 @@ if [ "$*" = 'supervisord -c /etc/supervisor/conf.d/supervisord.conf' ]; then
 
     # Clear and cache config in production
     if [ "$APP_ENV" = "production" ]; then
+        runuser -u www-data -- php artisan migrate --force       
+        runuser -u www-data -- php artisan cache:clear # Clear after the migration
+        runuser -u www-data -- php artisan ninja:design-update
         runuser -u www-data -- php artisan optimize
-        runuser -u www-data -- php artisan package:discover
-        runuser -u www-data -- php artisan migrate --force
 
         # If first IN run, it needs to be initialized
-        echo "Checking initialization status..."
-        IN_INIT=$(php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')
-        echo "IN_INIT value: $IN_INIT"
+        if [ "$(runuser -u www-data -- php artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
+            echo "Running initialization..."
+            
+            runuser -u www-data -- php artisan db:seed --force
+
+            if [ -n "${IN_USER_EMAIL}" ] && [ -n "${IN_PASSWORD}" ]; then
+                runuser -u www-data -- php artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
+            else
+                echo "Initialization failed - Set IN_USER_EMAIL and IN_PASSWORD in .env"
+                exit 1
+            fi
 
-        if [ "$IN_INIT" = "1" ]; then
-            echo "Running initialization scripts..."
-            docker_process_init_files /docker-entrypoint-init.d/*
         fi
-
         echo "Production setup completed"
-        echo "IN_INIT value: $IN_INIT"
-
     fi
 
     echo "Starting supervisord..."

debian/supervisor/supervisord.conf

@@ -1,32 +1,22 @@
-[unix_http_server]
-file=/var/run/supervisor.sock
-chmod=0700
-
 [supervisord]
 nodaemon=true
 user=root
-logfile=/var/log/supervisor/supervisord.log
+logfile=/dev/null
+logfile_maxbytes=0
 pidfile=/var/run/supervisord.pid
 
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///var/run/supervisor.sock
-
 [program:php-fpm]
 command=/usr/local/sbin/php-fpm -F
 autostart=true
 autorestart=true
 priority=5
-stdout_logfile=/dev/stdout
+stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+redirect_stderr=true
 
 [program:queue-worker]
 process_name=%(program_name)s_%(process_num)02d
-command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600
+command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600 --verbose
 autostart=true
 autorestart=true
 stopasgroup=true
@@ -34,16 +24,16 @@ killasgroup=true
 user=www-data
 numprocs=2
 environment=HOME="/var/www"
-stdout_logfile=/var/log/php-worker.log
-stderr_logfile=/var/log/php-worker.err.log
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
 stopwaitsecs=3600
 
 [program:scheduler]
-command=/bin/sh -c "while [ true ]; do (php /var/www/html/artisan schedule:run --verbose --no-interaction &); sleep 60; done"
+command=php /var/www/html/artisan schedule:work --verbose
 autostart=true
 autorestart=true
 user=www-data
-stdout_logfile=/dev/stdout
+stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
+redirect_stderr=true

docker/app/public/.keep

@@ -1 +0,0 @@
-

docker/app/storage/.keep

@@ -1 +0,0 @@
-